Re: Preliminary Notice: Cisco LocalDirector enable password loss

Dustin Sallings (dustin@spy.net)
Mon, 17 Nov 1997 21:50:15 -0800

> Being one of the customers involved in the below mentioned incident I
> feel I must make a full confession ;)
>
> Testing from the console and from a telnet session this morning shows
> that the properly set and written to memory password appears secure.
> None of my tests this morning succeeded in entering enable mode without a
> full and valid password entry. I do not know what state the device was
> in when the attempt outlined below succeeded and I have not been able to
> duplicate it without removing the password and writing to memory without
> a password set.
>
> I would like to thank Cisco and John for their quick attention to this
> matter. Cisco remains one of the most professional outfits out there.

Yes, it appears that my problem was not that it took ^C for the
password, but that it had completely lost its password but not been nice enough
to tell me so, and it's very difficult to just ``discover'' as it still accepts
your old password (or anything else you hand it) when it looses one. This
isn't quite the behavior I'd prefer[0], but is much better than what I thought
was going on.

[0] I would prefer, of course, it accepting only blank for an unset password.

--
Taos Mountain TS         My girlfriend asked me which one I like better.
pub  1024/3CAE01D5 1994/11/03 Dustin Sallings <dustin@spy.net>
|    Key fingerprint =  87 02 57 08 02 D0 DA D6  C8 0F 3E 65 51 98 D8 BE
L_______________________ I hope the answer won't upset her. ____________